io.grpc.util

Class AdvancedTlsX509KeyManager

java.lang.Object

javax.net.ssl.X509ExtendedKeyManager

io.grpc.util.AdvancedTlsX509KeyManager

All Implemented Interfaces:

KeyManager, X509KeyManager

@ExperimentalApi(value="https://github.com/grpc/grpc-java/issues/8024")
public final class AdvancedTlsX509KeyManager
extends X509ExtendedKeyManager

AdvancedTlsX509KeyManager is an X509ExtendedKeyManager that allows users to configure advanced TLS features, such as private key and certificate chain reloading, etc.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static interface	AdvancedTlsX509KeyManager.Closeable Mainly used to avoid throwing IO Exceptions in java.io.Closeable.

Constructor Summary

Constructors

Constructor and Description
AdvancedTlsX509KeyManager() Constructs an AdvancedTlsX509KeyManager.

Method Summary

Modifier and Type	Method and Description
String	chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)
String	chooseEngineClientAlias(String[] keyType, Principal[] issuers, SSLEngine engine)
String	chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine)
String	chooseServerAlias(String keyType, Principal[] issuers, Socket socket)
X509Certificate[]	getCertificateChain(String alias)
String[]	getClientAliases(String keyType, Principal[] issuers)
PrivateKey	getPrivateKey(String alias)
String[]	getServerAliases(String keyType, Principal[] issuers)
void	updateIdentityCredentials(PrivateKey key, X509Certificate[] certs) Updates the current cached private key and cert chains.
void	updateIdentityCredentialsFromFile(File keyFile, File certFile) Updates the private key and certificate chains from the local file paths.
AdvancedTlsX509KeyManager.Closeable	updateIdentityCredentialsFromFile(File keyFile, File certFile, long period, TimeUnit unit, ScheduledExecutorService executor) Schedules a ScheduledExecutorService to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AdvancedTlsX509KeyManager

public AdvancedTlsX509KeyManager()
                          throws CertificateException

Constructs an AdvancedTlsX509KeyManager.

Throws:

CertificateException

Method Detail

getPrivateKey

public PrivateKey getPrivateKey(String alias)

getCertificateChain

public X509Certificate[] getCertificateChain(String alias)

getClientAliases

public String[] getClientAliases(String keyType,
                                 Principal[] issuers)

chooseClientAlias

public String chooseClientAlias(String[] keyType,
                                Principal[] issuers,
                                Socket socket)

chooseEngineClientAlias

public String chooseEngineClientAlias(String[] keyType,
                                      Principal[] issuers,
                                      SSLEngine engine)

Overrides:

chooseEngineClientAlias in class X509ExtendedKeyManager

getServerAliases

public String[] getServerAliases(String keyType,
                                 Principal[] issuers)

chooseServerAlias

public String chooseServerAlias(String keyType,
                                Principal[] issuers,
                                Socket socket)

chooseEngineServerAlias

public String chooseEngineServerAlias(String keyType,
                                      Principal[] issuers,
                                      SSLEngine engine)

Overrides:

chooseEngineServerAlias in class X509ExtendedKeyManager

updateIdentityCredentials

public void updateIdentityCredentials(PrivateKey key,
                                      X509Certificate[] certs)

Updates the current cached private key and cert chains.

Parameters:

key - the private key that is going to be used

certs - the certificate chain that is going to be used

updateIdentityCredentialsFromFile

public AdvancedTlsX509KeyManager.Closeable updateIdentityCredentialsFromFile(File keyFile,
                                                                             File certFile,
                                                                             long period,
                                                                             TimeUnit unit,
                                                                             ScheduledExecutorService executor)
                                                                      throws IOException,
                                                                             GeneralSecurityException

Schedules a ScheduledExecutorService to read private key and certificate chains from the local file paths periodically, and update the cached identity credentials if they are both updated.

Parameters:

keyFile - the file on disk holding the private key

certFile - the file on disk holding the certificate chain

period - the period between successive read-and-update executions

unit - the time unit of the initialDelay and period parameters

executor - the execute service we use to read and update the credentials

Returns:

an object that caller should close when the file refreshes are not needed

Throws:

IOException

GeneralSecurityException

updateIdentityCredentialsFromFile

public void updateIdentityCredentialsFromFile(File keyFile,
                                              File certFile)
                                       throws IOException,
                                              GeneralSecurityException

Updates the private key and certificate chains from the local file paths.

Parameters:

keyFile - the file on disk holding the private key

certFile - the file on disk holding the certificate chain

Throws:

IOException

GeneralSecurityException